Pacemaker is an advanced, scalable High-Availability cluster resource manager.
Security Fix(es):
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.(CVE-2026-10649)
{
"severity": "High"
}{
"x86_64": [
"pacemaker-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-cli-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-cluster-libs-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-debuginfo-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-debugsource-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-libs-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-libs-devel-2.1.7-12.oe2403sp1.x86_64.rpm",
"pacemaker-remote-2.1.7-12.oe2403sp1.x86_64.rpm"
],
"src": [
"pacemaker-2.1.7-12.oe2403sp1.src.rpm"
],
"aarch64": [
"pacemaker-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-cli-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-cluster-libs-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-debuginfo-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-debugsource-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-libs-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-libs-devel-2.1.7-12.oe2403sp1.aarch64.rpm",
"pacemaker-remote-2.1.7-12.oe2403sp1.aarch64.rpm"
],
"noarch": [
"pacemaker-cts-2.1.7-12.oe2403sp1.noarch.rpm",
"pacemaker-doc-2.1.7-12.oe2403sp1.noarch.rpm",
"pacemaker-nagios-plugins-metadata-2.1.7-12.oe2403sp1.noarch.rpm",
"pacemaker-schemas-2.1.7-12.oe2403sp1.noarch.rpm",
"python3-pacemaker-2.1.7-12.oe2403sp1.noarch.rpm"
]
}